Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-63747

    QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an at... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-58410

    Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource.... Read more

    Affected Products : ddk
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-36462

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlU... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-7711

    The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that d... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-12404

    The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeit_conf() function. This makes it possible for unauthenticated attacker... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-13268

    A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulati... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-12691

    The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and ou... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12457

    The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-12961

    The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wp_ajax_save_settings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capabil... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-36553

    A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue ... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-12827

    The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the top_friends_options_subpanel() function. This makes it possible for unauthenticated ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-12937

    The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acf_flm_update_template_with_pasted_layout' function in all versions up to, and including, 1.1.6. This makes... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-60022

    Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-12481

    The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. Th... Read more

    Affected Products : wp_duplicate_page
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13265

    A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traver... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-12392

    The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in all versions up to, and including, 2.0.22. This makes it ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-12524

    The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12391

    The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up to, and including, 1.5.2. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 4.5

    MEDIUM
    CVE-2025-55057

    Multiple CWE-352 Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : rumpus
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-13266

    A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName l... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3680 Results